Security Models included in the CISSP Exam:
Security models of control are to be utilized for determining about how security would be implemented, what subjects could be accessing the system, and what objects they would have access to. Simply stated, they would be a way to formalize security policy. Security models of control are typically implemented by enforcing confidentiality, integrity, or other controls. Keep in mind that each of these models would be laying out broad guidelines and is not specific in nature. Before we discuss them if you wish to have the CISSP in a single attempt, gain it by the prep courses available at SPOTO.
- State Machine Model
The state machine model is going to be based on a finite state machine. State machines are going to be utilizing to model complex systems and deals with acceptors, state variables, recognizes, and transaction functions. The state machine would be defining the behavior of a finite number of states, the transitions between those states, as well as actions that could occur.
- Finite state model
A state machine model is going to monitor the status of the system in order to prevent it from slipping into an insecure state. Systems that would be supporting the state machine model would need to have all their possible states examined to verify that all processes are controlled. The state machine concept is going to serves as the basis of many security models. The model is going to be valued for knowing in what state the system will reside.
- Information Flow Model
The Information Flow model is considered to be an extension of the state machine concept as well as serves as the basis of design for both the Biba models and Bell-LaPadula models, which would be discussed in the sections that follow. The Information Flow model is going to consists of objects, state transitions, and lattice states. The real goal of the information flow model is preventing unauthorized, insecure information flow in any direction. This model and others could make the use of guards. Guards are going to be allowed the exchange of data between various systems.
- Noninterference Model
The Noninterference model as defined by Meseguer and Goguen was designed for making sure those subjects and objects of different levels don’t interfere with the objects and subjects of other levels. The Noninterference model would be utilizing inputs and outputs of either low or high sensitivity. Each data access that would be attempted is independent of all others and data cannot cross security boundaries.
The Bell-LaPadula state machine model would be enforcing confidentiality. The Bell-LaPadula model is going to utilize mandatory access control to enforce the DoD multilevel security policy. For a subject in order to access information, he must have a clear need so as to know and meet or exceed the information’s classification level.
The Bell-LaPadula model would be defined by the following properties:
- Simple security property (ss property)
This property would be stating that a subject at one level of confidentiality is considered wouldn’t be allowed to read the information at a higher level of confidentiality. This is sometimes would be referred to as “no read up.”
- Star * security property
This property is going to state that a subject at one level of confidentiality isn’t going to be allowed to write information to a lower level of confidentiality. This would also be known as “no write-down.”
- Strong star * property
This property states that a subject couldn’t read or write to the object of higher or lower sensitivity.
If you wish to learn more about the Security Models, you could do it through the prep courses offered by the SPOTO.